That sounds roughly correct based on when I worked at a theatre, although back then they mailed you drives. Worth noting that the movies are encrypted and you only get decryption keys at release.
But Sony hasn’t made projectors in a while. I suspect this was something like an expired certificate rather than an actual software update.
It hasn't changed much. Most features are still delivered on drives. They're just too damn BIG otherwise.
Keys are sent separately, and are valid only for a certain date-range, and for a specific cinema server. In this case, Sony servers only work with Sony projectors, and vice-versa. Each device has its own certs, but for encrypted feature encoding, the standard is Key Delivery Messages, which unlock the feature Digital Cinema Package (DCP). DCPs are a general purpose cinema package, and is also used to deliver unencrypted clips like ads and trailers.
But the key is the Key. It's only valid for the specific cinema server, and the cinema server is "married" to the projector by encryption. This protects against on-site MITM attacks.
If there's a server update that doesn't update the certs on either the server itself, or the projector (in Sony's case), then the marriage breaks, and the silver screen stays dark.
Nothing anyone else can do about it, either, since any valid certs would have to be issued by Sony, and nobody has the private keys except Sony.
But Sony hasn’t made projectors in a while. I suspect this was something like an expired certificate rather than an actual software update.